The approaches described in this section could be pursued but are not necessarily approaches that have previously been conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
A Denial of Service (DOS) attack is typically an attempt to make a network machine or network resource unavailable to intended users. Generally speaking, a DoS attack is an attempt to overwhelm the capacity of a server in order to interrupt or suspend functioning of network resources associated with the server. Traditional methods for detecting DoS attacks are typically based on monitoring incoming traffic and detecting the DoS attack based on an observation of a large increase in traffic, especially when a large portion of the traffic originates from a single IP address. In this case, mitigating the DoS attack includes filtering out the traffic associated with any IP addresses identified as malicious.
However, the aforementioned technique for mitigating a DOS attack may not be very effective in mitigating a Distributed Denial of Service (DDoS) attack. In case of a DDoS attack, incoming traffic may originate from a large number of attacking machines, each having a distinct IP address.